[166] in bug-owl
buffer overflows in Owl
daemon@ATHENA.MIT.EDU (Stephen Gildea)
Mon Apr 21 11:09:41 2003
Message-Id: <200304211509.h3LF9cla023373@pacific-carrier-annex.mit.edu>
From: Stephen Gildea <gildea@alum.mit.edu>
To: bug-owl@mit.edu
Date: Mon, 21 Apr 2003 11:09:38 -0400
I audited the Owl code for potential buffer overflow problems.
It looks to me like Owl is vulnerable to messages with very long
class or instance names or a very large number of fields.
I don't think such unusual messages can be generated with the
standard Zephyr library, but it would still be a possible form of
network-based attack.
Owl version 2.0.1-pre-1.
< Stephen
